CIS Controls v8 → GDPR crosswalk
A control-by-control mapping between CIS Critical Security Controls v8 and General Data Protection Regulation (EU 2016/679). 3 mappings.
| CIS Controls v8 | GDPR | Relationship | Notes |
|---|---|---|---|
| 1.1 Establish and maintain detailed enterprise asset inventory | Art. 30 Records of processing activities | RelatedCurated | Asset & data inventory |
| 11.1 Establish and maintain a data recovery process | Art. 32 Security of processing | RelatedCurated | Backup & recovery |
| 3.11 Encrypt sensitive data at rest | Art. 32 Security of processing | PartialCurated | Cryptography & data protection |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.